V9

30 exploits Active since May 1997
CVE-2007-2761 EXPLOITDB c WORKING POC
MagicISO <5.4.239 - Buffer Overflow
Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file.
CVE-2001-0084 EXPLOITDB c WORKING POC
GTK+ - Privilege Escalation via GTK_MODULES Environment Variable
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
CVE-2005-0713 EXPLOITDB c WORKING POC
Mac OS X <10.3.8 - Privilege Escalation
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
CVE-2005-0716 EXPLOITDB c WORKING POC
Mac OS X 10.3.5-10.3.6 - Local Buffer Overflow via CF_CHARSET_PATH Environment Variable
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
EIP-2026-103102 EXPLOITDB c WORKING POC
Dune 0.6.7 - GET Remote Buffer Overrun
CVE-2003-0510 EXPLOITDB c WORKING POC
ezbounce 1.0-1.50 - Remote Code Execution via Sessions Command Format String
Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command.
EIP-2026-103154 EXPLOITDB c WORKING POC
LBreakout2 2.x - Login Remote Format String
CVE-2003-0705 EXPLOITDB c WORKING POC
mah-jong 1.5.6 - Buffer Overflow
Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.
CVE-2003-0865 EXPLOITDB c WORKING POC
mpg123 0.59r and 0.59s - Heap-Based Buffer Overflow via Long HTTP Request
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
CVE-2002-1566 EXPLOITDB c WORKING POC
netris 0.5 - Denial of Service via Long String to Port 9284
netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.
CVE-2000-0743 EXPLOITDB c WORKING POC
University of Minnesota gopherd 2.x - Remote Code Execution via Long GDESkey Ticket Value
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.
CVE-2003-0805 EXPLOITDB c WORKING POC
UMN gopher daemon <3.0.6 - Buffer Overflow
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
CVE-2003-0805 EXPLOITDB c WORKING POC
UMN gopher daemon <3.0.6 - Buffer Overflow
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
EIP-2026-103047 EXPLOITDB c WORKING POC
Xtokkaetama 1.0 b-6 - Nickname Local Buffer Overflow (1)
EIP-2026-102839 EXPLOITDB c WORKING POC
fkey 0.0.2 - Local File Accessibility
EIP-2026-102851 EXPLOITDB c WORKING POC
GnomeHack 1.0.5 - Local Buffer Overflow
CVE-2001-0087 EXPLOITDB c WORKING POC
itetris/xitetris <1.6.2 - Privilege Escalation
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
EIP-2026-102919 EXPLOITDB c WORKING POC
Man 1.5.1 - Catalog File Format String
CVE-2003-0645 EXPLOITDB bash WORKING POC
man-db <2.4.1 - Privilege Escalation
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
CVE-2003-0620 EXPLOITDB text WORKING POC
man-db < 2.4.1 - Multiple Buffer Overflow Vulnerabilities
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
EIP-2026-102989 EXPLOITDB bash WORKING POC
SDFingerD 1.1 - Failure To Drop Privileges Privilege Escalation
CVE-2000-0617 EXPLOITDB c WORKING POC
xconq - Buffer Overflow via Long USER Environment Variable
Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.
EIP-2026-103046 EXPLOITDB perl WORKING POC
xsplumber - 'strcpy()' Local Buffer Overflow
EIP-2026-103052 EXPLOITDB c WORKING POC
Zblast 1.2 - 'Username' Local Buffer Overrun
CVE-2003-0625 EXPLOITDB HIGH text WRITEUP
hadrons xfstt < 1.5.1 - Off-by-one Error via Malformed Client Request
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
CVSS 7.5